mod_ruid + jailshell - how to enable

postcd

Well-Known Member
Oct 22, 2010
717
19
68
Hello,

please how can i enable mod_ruid and jailshell on my whm server?
It is adviced by this post: https://forums.cpanel.net/f185/solutions-handling-symlink-attacks-202242-p23.html#post1397221
and there too: http://www.sysadmindiaries.com/2013/07/how-to-prevent-cpanel-apache-symlink.html
It is very easy to enable. Just re-complile apache using mod_ruid2 and then enable "Jail Apache Virtual Hosts" in Tweak settings.
Currently i have suphp, suexec..

In Home »Server Configuration »Tweak Settings, Security tab,
i have "EXPERIMENTAL: Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell. [?]", but its grayed out, so i cant activate it..
 
Last edited:

mywhm

Active Member
Jan 15, 2014
31
1
8
cPanel Access Level
Root Administrator
See Change Loog:

http://documentation.cpanel.net/display/EA/EasyApache+Change+Log


Mod Ruid2
Apache 2.2
PHP 5.4


This profile includes the modules from the Basic profile. This configuration utilizes Mod Ruid2 to improve the security of your server. We recommend that you select this profile if you use either the CGI, DSO, or the suPHP PHP handler.

*****
Implemented case 107165: Remove experimental tag from PHP 5.5 and ModRuid2

Today. ModRuid2 is not experimental.

Update cpanel and the ultimate version.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,211
363
Hello :)

You must first compile Mod_Ruid2 via EasyApache. Then, you will see it available in:

"WHM Home » Service Configuration » Configure PHP and suEXEC"

The option you referenced will not be greyed out after you enable Mod_Ruid2.

Thank you.
 

postcd

Well-Known Member
Oct 22, 2010
717
19
68
In EasyApache, net to mod ruid2 it says that there will be disabled following packages (amongst others):
Disables:
Cache
Disk Cache
Mod FastCGI v2.3.9
MemCache

So i want to ask which alternative caching things i can use for the best server performance? (running wordpress blogs, joomla and more) thx

// when i added mod ruid2 and compiled easyapache, then modruid was enabled and i seen 403 forbidde errors on all websites. when i disabled mod ruid in Server settings / tweak settings / security and restarted apache, it started working again. the httpd error log file contained things like:
Code:
(13)Permission denied: ... .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
SecurityException in Application.cpp:186: Do not have root privileges. Executable not set-uid root?
[error] mod_ruid2 domain.com GET /feed.php?f=143 HTTP/1.1 chdir to /home/virtfs/fmyusername failed
:-/
 
Last edited:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,211
363
Please ensure you open separate threads for each individual issue (e.g. best cache options). As far as this error:

(13)Permission denied: ... .htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable
Check that .htaccess file to determine what it's permission and ownership values are.

Thank you.